[haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages

  • From: "Haiku" <trac@xxxxxxxxxxxx>
  • To: undisclosed-recipients: ;
  • Date: Wed, 20 Nov 2019 22:37:20 -0000

#14927: HaikuDepot doesn't show any packages
---------------------------------------+----------------------------
   Reporter:  KapiX                    |      Owner:  apl-haiku
       Type:  bug                      |     Status:  reopened
   Priority:  normal                   |  Milestone:  Unscheduled
  Component:  Applications/HaikuDepot  |    Version:  R1/Development
 Resolution:                           |   Keywords:
 Blocked By:                           |   Blocking:
Has a Patch:  0                        |   Platform:  All
---------------------------------------+----------------------------
Comment (by kallisti5):

 For context here is the change that was reverted trying to fix the URL /
 BaseURL mess:

 https://git.haiku-
 
os.org/haiku/commit/src/kits/package?id=fda0bf77fbdf5876ce81a39da324145143d6ad18

 There was some compatibility stuff in the code to prevent it from flat-out
 breaking everyone, but there were definitely some issues.


 As for repo signing... Pulkomandy is correct..ish.  The sha256 is valuable
 since the repo file "contains a sha256 for every package".  But since
 anyone can generate a new repo file with "fake sha256 checksums for
 malicious packages the chain of trust is incomplete.

 This is why the repo files built by concourse (the new CI i'm trying to
 beat into submission) are signed...
 http://test.hpkg.haiku-os.org/master/x86_64/current/repo.minisig


 We could also sign all packages... but that's a lot of work.
-- 
Ticket URL: <https://dev.haiku-os.org/ticket/14927#comment:21>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.

Other related posts: